Snippings

xxx

A Paraguayan government official has been replaced after it was revealed that he signed a memorandum of understanding with representatives of a fugitive Indian guru’s fictional country, who also appear to have duped several other officials in the South American country.

Arnaldo Chamorro was replaced as chief of staff for Paraguay’s agriculture ministry on Wednesday shortly after it was revealed that he signed a “proclamation” with representatives of the United States of Kailasa.

On Kailasa’s website, the fictional country is described as the “revival of the ancient enlightened Hindu civilizational nation which is being revived by displaced Hindus from around the world”. It is led by a self-styled guru, Nithyananda, who is wanted in India on several charges, including sexual assault. His whereabouts are unknown

From: Paraguay official resigns after signing agreement with fictional country | Paraguay | The Guardian.

xxx

xxx

On February 16, 2023, the decentralized finance platform Platypus had the equivalent of 8.3 million euros siphoned from one of its “pools” , a shared reserve of cryptocurrencies made available to investors wishing to trade digital assets. That day, Mohammed M. took advantage of an error in the code to withdraw all of the assets, without offering the slightest consideration.

From: Hacking of the Platypus cryptocurrency platform: the two accused acquitted by the courts.

xxx

Mohammed M. is then indicted for accessing and maintaining an automated data processing system, fraud and money laundering, while his brother is accused of receiving stolen goods.

 

Following a mistake on his part, the equivalent of 7.8 million euros remains blocked in a wallet that is now completely inaccessible to anyone

 

the two accused acquitted by the courts

xxx

North Korea-linked hacker organization Lazarus Group has stolen $3 billion in cryptocurrency over the past six years, according to a report by cybersecurity firm Recorded Future.
The report released on Thursday reveals that in 2022 alone, the group plundered $1.7 billion in cryptocurrency, likely to fund North Korean projects.
Blockchain data analysis firm Chainalysis indicates that out of this total, $1.1 billion was stolen from decentralized finance (DeFi) platforms.

From: Lazarus Group Stolen $3B in Cryptocurrency Likely to Fund North Korean Projects.

xxx

xxx

Fraud accounts for around 40% of all crime in England and Wales, with data from UK Finance showing almost 80% of all authorised pushed payment fraud originates from social media or a fake website.

From: World first agreement to tackle online fraud – GOV.UK.

xxx

xxx

Fraudsters can manipulate audio or video recordings to deceive employees or customers, enabling them to gain unauthorized access to sensitive information or carry out fraudulent transactions. In one case, AI voice cloning technology scammed a bank manager into initiating wire transfers worth $35 million. And an AI hologram was used to impersonate the COO of one of the world’s largest crypto exchanges on Zoom call, scamming another business into losing all their liquid funds.

From What are deepfakes and how do fraudsters use them? | Onfido.

xxx

xxx

The Waterloo researchers have developed a method that evades spoofing countermeasures and can fool most voice authentication systems within six attempts. They identified the markers in deepfake audio that betray it is computer-generated, and wrote a program that removes these markers, making it indistinguishable from authentic audio.

In a recent test against Amazon Connect’s voice authentication system, they achieved a 10 per cent success rate in one four-second attack, with this rate rising to over 40 per cent in less than thirty seconds. With some of the less sophisticated voice authentication systems they targeted, they achieved a 99 per cent success rate after six attempts.

From How secure are voice authentication systems really? | Waterloo News | University of Waterloo.

xxx

xxx

First and foremost, the digital euro will preserve the most valuable features of cash in the digital space, making it a true “digital banknote”. As legal tender, it would be usable throughout the euro area in all contexts, including e-commerce. Its offline mechanism will provide a cash-like level of privacy and increase our resilience. It will be free of charge for individuals. Its characteristics will support digital financial inclusion, including for people without bank accounts or smartphones.

From Money and payments in the digital age | Banque de France.

xxx

xxx

Fraud accounts for around 40% of all crime in England and Wales, with data from UK Finance showing almost 80% of all authorised pushed payment fraud originates from social media or a fake website.

From: World first agreement to tackle online fraud – GOV.UK.

xxx

xxx

Elven Big Tech firms and social media platforms have signed up to a UK Online Fraud Charter to combat rising levels of scams from fake adverts and romance fraud.

From: UK to bring tech firms to account under new Online Fraud Charter.

xxx

Under the new Charter the companies, which include Amazon, eBay, Facebook, Google, Instagram, LinkedIn, Match Group, Microsoft, Snapchat, TikTok, and YouTube, have pledged to verify new advertisers and “promptly” remove any fraudulent content.

Vitalik Buterin points to four key areas where new technology is improving the situation

It is generally understood among security professionals that the current state of computer security is pretty terrible. That said, it’s easy to understate the amount of progress that has been made. Hundreds of billions of dollars of cryptocurrency are available to anonymously steal by anyone who can hack into users’ wallets, and while far more gets lost or stolen than I would like, it’s also a fact that most of it has remained un-stolen for over a decade. Recently, there have been improvements:

Secure Elements. Trusted hardware chips inside of users’ phones, effectively creating a much smaller high-security operating system inside the phone that can remain protected even if the rest of the phone gets hacked. Among many other use cases, these chips are increasingly being explored as a way to make more secure crypto wallets.

Browsers as the de-facto operating system. Over the last ten years, there has been a quiet shift from downloadable applications to in-browser applications. This has been largely enabled by WebAssembly (WASM). Even Adobe Photoshop, long cited as a major reason why many people cannot practically use Linux because of its necessity and Linux-incompatibility, is now Linux-friendly thanks to being inside the browser. This is also a large security boon: while browsers do have flaws, in general they come with much more sandboxing than installed applications: apps cannot access arbitrary files on your computer.

Hardened operating systems. GrapheneOS for mobile exists, and is very usable. QubesOS for desktop exists; it is currently somewhat less usable than Graphene, at least in my experience, but it is improving.

Attempts at moving beyond passwords. Passwords are, unfortunately, difficult to secure both because they are hard to remember, and because they are easy to eavesdrop on. Recently, there has been a growing movement toward reducing emphasis on passwords, and making multi-factor hardware-based authentication actually work (ie, passkeys).

From My techno-optimism.

xxx

Vitalik Buterin made a very good point about this

xxx

The need to protect against spam has led to email becoming very oligopolistic in practice, making it very hard to self-host or create a new email provider.

From My techno-optimism.

xxx

Indeed, this is what happened to me. For years I ran a mail server for our family’s accounts but with increasing frequency it was attacked in various ways and used to send spam, which meant it kept getting blocked. It was time-consuming and exhausting so eventually I gave up and moved the accounts to Google.